Improved K nearest neighbor abnormal traffic detection algorithm based on cost sensitivity
Unsupervised network abnormal traffic detection method based on improved KNN
  
DOI:
Keywords: anomaly detection; unsupervised learning; K nearest neighbor (KNN) algorithm; intrusion detection system
Funding: Supported by the National Key R&D Program of China (2020YFB1804701) and the National Natural Science Foundation of China (61972211)
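Authors and affiliations:
Li Zeyi (李泽一), School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210002
Wang Pan (王攀), School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003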
Abstract:
      With the rapid development of the Internet, network security is receiving increasing attention. Although traditional abnormal traffic detection models achieve a reasonable recognition rate, they need a large amount of labeled data for training. Abnormal network traffic detection methods based on unsupervised learning have therefore been widely adopted. In recent years, with the application of deep learning algorithms to anomaly detection, unsupervised deep learning models have also improved the performance of detection algorithms to varying degrees. However, unsupervised deep learning methods often cannot avoid the problem of selecting a threshold for anomaly detection. Given the difficulty of data labeling and of threshold selection, this paper proposes an abnormal traffic detection system based on a cost-sensitive improved K nearest neighbor (KNN) algorithm combined with a threshold selection method. The system can accurately identify malicious traffic and does not require a labeled data set, which greatly reduces the workload of manually labeling data. The experiments use the UNSW-NB15, NSL-KDD, and CICIDS2017 data sets to verify the model's applicability, comparing the proposed method with the classic machine learning algorithm One-Class SVM and the deep learning method AutoEncoder. The results show that, on the three data sets, the proposed algorithm effectively improves the performance of abnormal network traffic detection compared with the deep learning algorithm and the traditional unsupervised machine learning algorithm.
Copyright: Editorial Office of the Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition)